Forcing HTTPS on admin pages


I am trying to force the admin pages, and most importantly the admin login page, to use https even if the request comes in as http. I have set the following in my configuration:


but it doesn’t seem to have any effect. If I visit the connection does not switch over to https. I should point out that I have the SSL certificate all set up and working properly on the site. If I explicitly visit it works fine, but I don’t want to rely on expecting the user to remember to type the S in the URL.

I figured out another way to accomplish this, which involves editing the .htaccess file for the /admin directory, but this is less than ideal since those changes will get erased with an upgrade to phpList in the future.

Any thoughts/suggestions are most appreciated.


You could set the url re-write commands in your apache .conf file (httpd.conf)?

Great suggestion. Thanks Dan!

For future visitors, here’s what I did. I added the following within the appropriate < VirtualHost *:80 > section of my httpd.conf file

<Directory "/path_to_phplist/admin">
    	Allow From All
	RewriteEngine On 
	RewriteRule ^(.*)$$1 [R,L]
1 Like